1. Field of the Invention
The present invention relates to cryptographic communication, and in particular to a key management method to prevent illegal eavesdropping in a network system, wherein keys of the network system are divided into several family subkeys and several communication subkeys which are respectively preserved in plural trusted-key centers and are not available to any single trusted-key center, and in which communication keys are valid only during an authorized time period.
2. Description of the Related Art
FIG. 1 (Prior Art) is a diagram illustrating a current cryptographic network system. In FIG. 1, a trusted-key center CA is provided in the network system to preserve all session keys and to ensure data security, such as preventing passive eavesdropping and active tampering. When a user Pi and another user Pj want to communicate with each other on a telephone system or a communication system, the sender, e.g., the user Pi, first passes a to-be-transferred message m to a cipher device 10. The cipher device 10 then encrypts the input message m using the corresponding session key Kij and outputs the encrypted message E_Kij(m) to a decipher device 20 at the receiving terminal. Thereafter, the decipher device 20 decrypts the encrypted message E_Kij(m) using the same session key Kij and outputs the recovered message m to the receiver, e.g., the user Pj.
In this cryptographic network system, once an eavesdropper Pk is authorized to eavesdrop on the communication between the user Pi and the user Pj, the trusted-key center CA passes the corresponding session key Kij to the eavesdropper Pk. However, the session key Kij preserved in the trusted-key center CA is not refreshed frequently, so the eavesdropper Pk can continue to use the previously obtained session key Kij to eavesdrop on the communication between the user Pi and the user Pj even after the authorization has expired.
Furthermore, storing all the session keys of a network system in a single trusted-key center creates a single point of failure: a security compromise of the trusted-key center CA exposes every session key in the system.
Therefore, it is an object of the present invention to provide a key management method for a network system, wherein keys of the network system are divided into several family subkeys and communication subkeys which are respectively preserved in plural trusted-key centers and are not available to any single trusted-key center, in order to prevent compromise of secure communications in the network system.
It is another object of the present invention to provide a key management method for a network system, wherein communication keys are valid only during an authorized time period, in order to prevent illegal eavesdropping.
It is another object of the present invention to provide a key management method for a network system, wherein each of the trusted-key centers generates a time-related and irreversible hash value which is used to calculate communication keys of the network system, so that the communication subkeys preserved in each of the trusted-key centers can be refreshed at a lower frequency.
It is another object of the present invention to provide a key management method for a network system, wherein each of the trusted-key centers preserves only subkeys of an order of t^2, where t is the number of all network users. Because a one-way hash function is very fast to compute, the computational load on each of the trusted-key centers is very low.
To achieve the above and other objects, the present invention provides a key management method to prevent illegal eavesdropping in a network system. This method includes the following steps. First, keys of the network system are divided into several family subkeys and several communication subkeys. Then, a few trusted-key centers are provided, each respectively preserving a part of the family subkeys and one of the communication subkeys, and each generating a one-way hash value involving the preserved communication subkey and a piece of open information. Thereafter, each of the trusted-key centers passes its hash value to an eavesdropper according to an authority certificate. The trusted-key centers also interchange the preserved family subkeys according to the authority certificate to obtain a session key, which is passed to the eavesdropper. Then, the eavesdropper combines all the hash values from the trusted-key centers to obtain the corresponding communication key, which together with the session key allows the eavesdropper to eavesdrop on an authorized communication.
In this key management method, the open information may be the current time. The hash value may be obtained by calculating a one-way hash function of the sum of the preserved communication subkey and the current time. The communication key may be obtained by adding all the hash values from the trusted-key centers.
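The communication-key derivation summarized above, as an added example that is not part of the patent: each trusted-key center releases H(subkey + time) only for periods covered by the authority certificate, and the eavesdropper sums the released values. The choice of SHA-256 as the one-way hash, the integer encoding of time and subkeys, the modulus of the sum, and all class and function names are assumptions not specified on the page.

```python
"""Time-bounded escrow key derivation modelled on the scheme described above.

Added example, not code from the patent. Assumptions: the one-way hash is
SHA-256, the "sum" is integer addition, the "current time" is an integer
period counter, and the centers' hash values are combined modulo 2**256.
"""
import hashlib
import secrets

MOD = 2**256


def one_way_hash(value: int) -> int:
    """One-way hash of a non-negative integer, returned as an integer."""
    return int.from_bytes(hashlib.sha256(value.to_bytes(64, "big")).digest(), "big")


class TrustedKeyCenter:
    """Holds one communication subkey; the subkey itself is never released."""

    def __init__(self, subkey: int):
        self._subkey = subkey  # preserved communication subkey, stays inside

    def hash_for_period(self, period: int, certificate: dict) -> int:
        """Release H(subkey + period) only if the certificate covers the period."""
        if not (certificate["start"] <= period <= certificate["end"]):
            raise PermissionError("authority certificate does not cover this period")
        return one_way_hash(self._subkey + period)


def combine(hash_values: list[int]) -> int:
    """Eavesdropper side: the communication key is the sum of all released hashes."""
    return sum(hash_values) % MOD


def communication_key(centers: list[TrustedKeyCenter], period: int, certificate: dict) -> int:
    return combine([c.hash_for_period(period, certificate) for c in centers])


# Constructed sample: three centers with fresh subkeys, certificate valid for periods 100..102.
CENTERS = [TrustedKeyCenter(secrets.randbits(256)) for _ in range(3)]
CERT = {"start": 100, "end": 102}


def demo() -> tuple[bool, bool]:
    """Returns (key changes between periods, center refuses an uncovered period)."""
    k100 = communication_key(CENTERS, 100, CERT)
    k101 = communication_key(CENTERS, 101, CERT)
    try:
        communication_key(CENTERS, 103, CERT)  # outside the authorized window
        refused = False
    except PermissionError:
        refused = True
    return k100 != k101, refused
```

A key obtained for one period is useless for the next, and any subset of centers' hash values yields a different sum than the full set, so no single center can reconstruct the communication key on its own.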